[create-pull-request] automated change #636

Workflow file for this run

	name: "build.yml"
	on:
	pull_request:
	types:
	- opened
	- reopened
	- synchronize
	workflow_dispatch:
	inputs:
	debug_enabled:
	type: "boolean"
	description: "Run the build with tmate debugging enabled"
	merge_group:
	push:
	branches:
	- "main"
	tags:
	- "v*"

	concurrency:
	group: "${{ github.workflow }}:${{ github.ref }}"
	cancel-in-progress: true

	jobs:
	matrix:
	permissions:
	issues: "write"
	pull-requests: "write"
	packages: "write"
	contents: "write"
	id-token: "write"
	name: "matrix"
	runs-on:
	- "ubuntu-latest"
	outputs:
	matrix: "${{ steps.matrix.outputs.matrix }}"
	steps:
	- uses: "actions/checkout@v6"
	with:
	fetch-depth: 0
	- uses: "dtolnay/rust-toolchain@stable"
	- uses: "cargo-bins/cargo-binstall@main"
	- name: "install whyq"
	run: \|
	set -euxo pipefail
	sudo apt-get update
	sudo apt-get install --yes --no-install-recommends jq
	cargo binstall --no-confirm whyq
	- name: "generate test matrix"
	id: "matrix"
	run: \|
	set -euxo pipefail
	yq \
	--compact-output \
	--raw-output \
	'"matrix=" + (.matrix \| tostring)' builds.yml \
	\| tee -a "${GITHUB_OUTPUT}"
	- name: "report build plan"
	run: \|
	./scripts/plan.sh "${GITHUB_STEP_SUMMARY}"
	run:
	name: "run"
	needs:
	- matrix
	runs-on:
	- "lab"
	timeout-minutes: 300
	strategy:
	max-parallel: 2
	matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }}
	permissions:
	issues: "write"
	pull-requests: "write"
	packages: "write"
	contents: "read"
	id-token: "write"
	steps:
	- name: "log KUBE_NODE"
	run: \|
	echo "$KUBE_NODE"

	- uses: "actions/checkout@v6"
	with:
	fetch-depth: 0

	- name: "install nix"
	uses: "cachix/install-nix-action@v31"

	- run: \|
	sudo chown -R "$(id -u):$(id -g)" /nix

	- name: "login to ghcr.io"
	uses: "docker/login-action@v3"
	with:
	registry: "ghcr.io"
	username: "${{ github.actor }}"
	password: "${{ secrets.GITHUB_TOKEN }}"

	- uses: "dtolnay/rust-toolchain@stable"

	- uses: "cargo-bins/cargo-binstall@main"

	- run: \|
	cargo binstall --no-confirm just

	- name: "confirm sources"
	run: \|
	./scripts/confirm-sources.sh

	- name: "build + push (debug)"
	run: \|
	sudo --preserve-env just --yes profile=debug debug=true max_nix_builds=1 cores=$(nproc) rust="${{ matrix.toolchain.key }}" push

	- name: "build + push (release)"
	run: \|
	sudo --preserve-env just --yes profile=release debug=true max_nix_builds=1 rust="${{ matrix.toolchain.key }}" push

	- name: "Install SBOM generator dependencies"
	run: \|
	for f in /tmp/dpdk-sys/builds/*; do
	[ -h "$f" ] && sudo --preserve-env rm "$f"
	done
	cargo binstall --no-confirm csview
	sudo apt-get update
	sudo apt-get install --yes --no-install-recommends graphviz

	- name: "generate SBOM"
	run: \|
	sudo --preserve-env ./scripts/sbom.sh

	- name: "step summary"
	continue-on-error: true # might fail due to $GITHUB_STEP_SUMMARY size limit of 1MB
	run: \|
	cat "/tmp/dpdk-sys/builds/env.sysroot.summary.md" >> "${GITHUB_STEP_SUMMARY}"

	- name: "remove links from /tmp/dpdk-sys/builds"
	run: \|
	for f in /tmp/dpdk-sys/builds/*; do
	[ -h "$f" ] && sudo rm "$f"
	done

	- uses: "actions/upload-artifact@v6"
	with:
	name: "builds-${{ matrix.toolchain.key }}"
	path: "/tmp/dpdk-sys/builds"

	- name: "outdated packages (gnu64)"
	uses: "actions/github-script@v8"
	if: ${{ github.event_name == 'pull_request' }}
	with:
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	script: \|
	let fs = require('fs');
	let body = "<details>\n";
	body += "<summary>\n\n";
	body += "## Outdated packages (gnu64):\n\n";
	body += "</summary>\n\n";
	body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md');
	body += "\n</details>\n";
	const maxLength = 65535;
	if (body.length > maxLength) {
	const warning = "\n...output truncated due to length limits...\n";
	body = body.slice(0, maxLength - warning.length) + warning;
	}
	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: body
	});

	- name: "Vulnerable packages (gnu64)"
	uses: "actions/github-script@v8"
	if: ${{ github.event_name == 'pull_request' }}
	with:
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	script: \|
	let fs = require('fs');
	let body = "<details>\n";
	body += "<summary>\n\n";
	body = "## Vulnerable packages (gnu64):\n";
	body += "</summary>\n\n";
	body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md');
	body += "\n</details>\n";
	const maxLength = 65535;
	if (body.length > maxLength) {
	const warning = "\n...output truncated due to length limits...\n";
	body = body.slice(0, maxLength - warning.length) + warning;
	}
	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: body
	});

	- name: "Setup tmate session for debug"
	if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
	uses: "mxschmitt/action-tmate@v3"
	timeout-minutes: 60
	with:
	limit-access-to-actor: true

	vlab:
	needs:
	- run

	name: "${{ matrix.hybrid && 'h' \|\| 'v' }}-${{ matrix.upgradefrom && 'up' \|\| '' }}${{ matrix.upgradefrom }}${{ matrix.upgradefrom && '-' \|\| '' }}${{ matrix.mesh && 'mesh-' \|\| '' }}${{ matrix.gateway && 'gw-' \|\| '' }}${{ matrix.includeonie && 'onie-' \|\| '' }}${{ matrix.buildmode }}-${{ matrix.vpcmode }}"

	uses: githedgehog/fabricator/.github/workflows/run-vlab.yaml@master
	with:
	# ci:+hlab is required to enable hybrid lab tests on PR
	# ci:-vlab disables virtual lab tests on PR
	# ci:-upgrade disables upgrade tests on PR
	# hlab is disabled for main and merge_queue till we have gateway tests for it
	skip: >-
	${{
	github.event_name == 'pull_request'
	&& (
	matrix.hybrid && !contains(github.event.pull_request.labels.*.name, 'ci:+hlab')
	\|\| !matrix.hybrid && contains(github.event.pull_request.labels.*.name, 'ci:-vlab')
	) && (
	matrix.upgradefrom == '' \|\| contains(github.event.pull_request.labels.*.name, 'ci:-upgrade')
	)

	\|\| github.event_name == 'workflow_dispatch'
	&& (
	matrix.hybrid && inputs.run_hlab_tests != true
	\|\| !matrix.hybrid && inputs.skip_vlab_tests == true
	)

	\|\| (github.event_name == 'push' \|\| github.event_name == 'merge_group')
	&& matrix.hybrid
	}}
	fabricatorref: master
	prebuild: "just bump frr ${{ github.sha }}.release"
	fabricmode: ${{ matrix.fabricmode }}
	gateway: ${{ matrix.gateway }}
	includeonie: ${{ matrix.includeonie }}
	buildmode: ${{ matrix.buildmode }}
	vpcmode: ${{ matrix.vpcmode }}
	releasetest: ${{ contains(github.event.pull_request.labels.*.name, 'ci:+release') }}
	hybrid: ${{ matrix.hybrid }}
	upgradefrom: ${{ matrix.upgradefrom }}

	strategy:
	fail-fast: false
	matrix:
	fabricmode:
	- spine-leaf
	gateway:
	- true
	includeonie:
	- false
	buildmode:
	- iso
	vpcmode:
	- l2vni
	hybrid:
	- false
	upgradefrom:
	- ""
	- "25.05"
	include:
	# gateway l3vni
	- fabricmode: spine-leaf
	gateway: true
	includeonie: false
	buildmode: iso
	vpcmode: l3vni
	hybrid: false
	upgradefrom: ""

	# hlab gateway l2vni
	- fabricmode: spine-leaf
	gateway: true
	includeonie: false
	buildmode: iso
	vpcmode: l2vni
	hybrid: true
	upgradefrom: ""

	summary:
	name: "summary"
	if: ${{ always() }}
	runs-on:
	- "ubuntu-latest"
	needs:
	- run
	- vlab
	steps:
	- name: "Flag any build matrix failures"
	if: ${{ needs.run.result != 'success' && needs.run.result != 'skipped' }}
	run: \|
	>&2 echo "A critical step failed!"
	exit 1
	- name: "Flag any vlab matrix failures"
	if: ${{ needs.vlab.result != 'success' && needs.vlab.result != 'skipped' }}
	run: \|
	>&2 echo "A critical step failed!"
	exit 1

	publish:
	runs-on: lab
	if: startsWith(github.event.ref, 'refs/tags/v') && github.event_name == 'push'
	needs:
	- run
	- vlab

	permissions:
	packages: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v6
	with:
	fetch-depth: 0

	- name: Setup Go
	uses: actions/setup-go@v6
	with:
	go-version: stable
	cache: true

	- name: Login to ghcr.io
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Push release container
	run: \|
	just push-frr-release-container

	# Bump frr in the fabricator repository

	- name: Checkout fabricator repository
	uses: actions/checkout@v6
	with:
	repository: githedgehog/fabricator
	path: fab-repo
	persist-credentials: false

	- name: Bump frr in fabricator
	working-directory: fab-repo
	run: \|
	sed -i "s/^\tFRRVersion.*/\tFRRVersion=meta.Version(\"${{ github.ref_name }}\")/" pkg/fab/versions.go
	go fmt pkg/fab/versions.go

	- name: Generate token for the fabricator repository
	uses: actions/create-github-app-token@v2
	id: fab-app-token
	with:
	app-id: ${{ secrets.FAB_APP_ID }}
	private-key: ${{ secrets.FAB_PRIVATE_KEY }}
	repositories: \|
	fabricator

	- name: Create Pull Request for fabricator
	uses: peter-evans/create-pull-request@v8
	id: fab-pr
	with:
	token: ${{ steps.fab-app-token.outputs.token }}
	path: fab-repo
	branch: pr/auto/frr-bump
	commit-message: \|
	bump: frr to ${{ github.ref_name }}

	This is an automated commit created by GitHub Actions workflow,
	in the frr repository.
	signoff: true
	title: "bump: frr to ${{ github.ref_name }}"
	body: \|
	This is an automated Pull Request created by GitHub Actions workflow,
	in the frr repository.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[create-pull-request] automated change #636

Workflow file

[create-pull-request] automated change #636

Uh oh!

Workflow file for this run